fix(deps): update go-modules controller-runtime and k8s#902
fix(deps): update go-modules controller-runtime and k8s#902red-hat-konflux[bot] wants to merge 1 commit into
Conversation
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
github-actions
Bot
added
semver/minor
AI Dependency Impact AnalysisPrevious analysisPrevious analysisPrevious analysisPrevious analysisPrevious analysisPrevious analysisRisk Level: MEDIUMSummary of Dependency ChangesThis PR updates several Kubernetes dependencies (api, apimachinery, client-go) from v0.33.4 to v0.36.0, k8s.io/utils with a digest update, and controller-runtime from v0.19.4 to v0.24.1. The controller-runtime update includes breaking changes related to Kubernetes dependencies and webhook handling. Several transitive dependencies were added, changed, or removed. Affected CodeSince this is a dependency update PR and no specific code snippets of usage are provided, it's impossible to determine exactly how the codebase is affected. We can assume that because the updated packages provide core Kubernetes functionalities, parts of the codebase directly or indirectly depend on the exposed APIs. If no direct imports exist, the risk is lower, but changes to the Kubernetes API types can still influence the behaviour of Kubernetes manifests. Breaking Change AssessmentThe release notes for controller-runtime v0.23.0 and v0.24.0 mention breaking changes, including an update to k8s.io/* v1.35 and v1.36 respectively. This includes modifications to webhook handling where Security AssessmentNo security advisories or govulncheck results are provided, therefore there's no information to factor into the risk assessment on that front. Recommended ActionReview specific areas: Due to the minor version bump and associated risk hints, the reviewer should carefully check the usage of Kubernetes APIs, and webhook implementation. In particular pay attention to how webhooks are defined and how manifests interact with Kubernetes API types. Also the reviewer must validate the Konflux CI pipeline passed successfully before merging to prove the build toolchain update didn't break the build. Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates multiple Kubernetes dependencies including k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, k8s.io/utils, and sigs.k8s.io/controller-runtime. The k8s.io/* dependencies bump from v0.33.x to v0.36.x, and sigs.k8s.io/controller-runtime goes from v0.19.4 to v0.24.1. While these are minor version bumps, the Affected Code
Breaking Change AssessmentThe Security AssessmentNo security advisories or govulncheck results are present in the provided context. Recommended ActionReview specific areas: Due to the breaking change in Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates Affected CodeSince no code snippets were provided, a general analysis is performed.
Breaking Change AssessmentThe update to Security AssessmentNo specific security advisories or govulncheck results were provided. Recommended ActionReview specific areas: Due to the Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates several Kubernetes dependencies, including Affected Code
Breaking Change AssessmentThe Security AssessmentNo security advisories or govulncheck results are present. Recommended ActionReview specific areas: Due to the Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates several Kubernetes dependencies, including Affected CodeSince the assessment is done without access to project code, I will make a general analysis.
Breaking Change AssessmentAs this is a minor version bump per semver, breaking changes are unlikely, however, the release notes for Security AssessmentNo security advisories or govulncheck results are present in the provided data. Recommended ActionReview specific areas: Due to the significant number of dependency changes, especially in Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates several Kubernetes dependencies (k8s.io/api, k8s.io/apimachinery, k8s.io/utils) and sigs.k8s.io/controller-runtime. The k8s.io dependencies are updated from v0.33.4 to v0.36.1, while controller-runtime jumps from v0.19.4 to v0.24.1. Controller-runtime v0.24.0 includes breaking changes due to the update to k8s.io/ Affected Code
Breaking Change AssessmentThe upgrade of controller-runtime to v0.24.1, which includes v0.24.0, introduces breaking changes due to updated k8s.io/* dependencies. This may impact the controller's interactions with Kubernetes resources, especially if the controllers use webhooks. Specifically, the Security AssessmentNo security advisories or govulncheck results are included in the context. Recommended ActionNeeds careful review: The minor version bump to controller-runtime includes breaking changes related to Kubernetes API versions and webhook implementations. The reviewer should examine the areas affected by these changes, specifically controllers using webhooks and event recorders, to ensure compatibility and perform necessary RBAC updates. Risk Level: MEDIUMSummary of Dependency ChangesThis PR updates several k8s.io dependencies (api, apimachinery, client-go) from v0.33.4 to v0.36.1, and sigs.k8s.io/controller-runtime from v0.19.4 to v0.24.1. These are minor version bumps, but represent a significant number of changes, including bug fixes, new features, and dependency updates within those projects. The controller-runtime update includes breaking changes related to Kubernetes API versions and webhooks. Affected Code
Breaking Change AssessmentThe controller-runtime update includes a breaking change related to upgrading to k8s.io/* v1.36 which is being done here so the code should already be compliant. Other breaking changes include changes to the events API that should be reviewed. Security AssessmentNo security advisories or govulncheck results are present in the context. Recommended ActionReview specific areas |
github-actions
Bot
added
the
risk/medium
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several Kubernetes dependencies (api, apimachinery, client-go) from v0.33.4 to v0.36.0, k8s.io/utils with a digest update, and controller-runtime from v0.19.4 to v0.24.1. The controller-runtime update includes breaking changes related to Kubernetes dependencies and webhook handling. Several transitive dependencies were added, changed, or removed.
Affected Code
Since this is a dependency update PR and no specific code snippets of usage are provided, it's impossible to determine exactly how the codebase is affected. We can assume that because the updated packages provide core Kubernetes functionalities, parts of the codebase directly or indirectly depend on the exposed APIs. If no direct imports exist, the risk is lower, but changes to the Kubernetes API types can still influence the behaviour of Kubernetes manifests.
Breaking Change Assessment
The release notes for controller-runtime v0.23.0 and v0.24.0 mention breaking changes, including an update to k8s.io/* v1.35 and v1.36 respectively. This includes modifications to webhook handling where runtime.Object should be changed to concrete types. The upgrade to k8s.io/* v1.36 can potentially introduce breaking changes depending on how the codebase interacts with Kubernetes APIs, but as these are minor version bumps, breaking changes are unlikely per semver.
Security Assessment
No security advisories or govulncheck results are provided, therefore there's no information to factor into the risk assessment on that front.
Recommended Action
Review specific areas: Due to the minor version bump and associated risk hints, the reviewer should carefully check the usage of Kubernetes APIs, and webhook implementation. In particular pay attention to how webhooks are defined and how manifests interact with Kubernetes API types. Also the reviewer must validate the Konflux CI pipeline passed successfully before merging to prove the build toolchain update didn't break the build.
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
d22dde5 to
139bf20
Compare
github-actions
Bot
added
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates multiple Kubernetes dependencies including k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, k8s.io/utils, and sigs.k8s.io/controller-runtime. The k8s.io/* dependencies bump from v0.33.x to v0.36.x, and sigs.k8s.io/controller-runtime goes from v0.19.4 to v0.24.1. While these are minor version bumps, the controller-runtime update contains a breaking change related to updating to k8s.io/* v1.36.
Affected Code
- No direct imports exist in the provided context.
Breaking Change Assessment
The controller-runtime v0.24.0 release notes indicate a breaking change: "Dependencies: Update to k8s.io/* v1.36". This may introduce subtle incompatibilities within the codebase, requiring careful verification that existing functionality remains intact. This update includes several bug fixes and enhancements, but due to the breaking change related to Kubernetes dependencies, a closer examination is required.
Security Assessment
No security advisories or govulncheck results are present in the provided context.
Recommended Action
Review specific areas: Due to the breaking change in controller-runtime related to Kubernetes dependencies, reviewers should check all files where controller-runtime APIs are used, paying close attention to compatibility issues arising from the Kubernetes API version bump.
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
139bf20 to
babeb5f
Compare
github-actions
Bot
added
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates k8s.io/apimachinery from v0.33.4 to v0.36.1 and sigs.k8s.io/controller-runtime from v0.19.4 to v0.24.1, along with a digest update to k8s.io/utils. The updates include bug fixes, new features, performance improvements, and dependency updates within the Kubernetes ecosystem. The controller-runtime update depends on k8s.io/* v1.36.
Affected Code
Since no code snippets were provided, a general analysis is performed.
- k8s.io/apimachinery: This library is fundamental for working with Kubernetes objects. Without specific code examples, it's impossible to pinpoint the exact usage.
- k8s.io/utils: Digest update, impact is difficult to assess without specific usage context.
- sigs.k8s.io/controller-runtime: Used for building Kubernetes controllers. Without specific code examples, it is impossible to pinpoint exact usage.
Breaking Change Assessment
The update to k8s.io/apimachinery is a minor version bump across several minor versions, making breaking changes less likely but not impossible. The controller-runtime update from v0.19.4 to v0.24.1 contains breaking changes, according to the release notes of v0.23.0 and v0.24.0. Notably, the update to k8s.io/* v1.35 in controller-runtime v0.23.0 and k8s.io/* v1.36 in controller-runtime v0.24.0 could introduce breaking changes if the application code relies on removed or modified APIs. Also, usage of Server Side Apply could potentially introduce subtle errors and requires careful validation if used. The breaking changes related to the events API and webhook implementations introduced in v0.23.0, and the deprecation of SchemeBuilder in v0.24.0, may affect the codebase.
Security Assessment
No specific security advisories or govulncheck results were provided.
Recommended Action
Review specific areas: Due to the controller-runtime update containing potentially breaking changes related to Server Side Apply, events API, webhooks and deprecated SchemeBuilder, the reviewer should check the areas of the codebase where these features are used to ensure compatibility with the new version. In addition, the reviewer needs to be aware of the indirect k8s.io dependency upgrades and review the k8s changelogs.
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
babeb5f to
a70b01b
Compare
github-actions
Bot
added
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several Kubernetes dependencies, including k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, k8s.io/utils, and sigs.k8s.io/controller-runtime. These are minor version bumps, but the controller-runtime update jumps from v0.19.4 to v0.24.1, which includes multiple minor releases and therefore a greater chance of impactful changes. The controller-runtime update includes breaking changes related to dependencies, events, fakeclient, and webhooks.
Affected Code
- k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, k8s.io/utils: No direct imports exist in provided context.
- sigs.k8s.io/controller-runtime: No direct imports exist in provided context.
Breaking Change Assessment
The controller-runtime changelog indicates breaking changes, most notably the update to k8s.io/* v1.36 and changes to how webhooks are handled (requiring concrete object types instead of runtime.Object). While these are minor version bumps, the jump in controller-runtime from 0.19 to 0.24 increases the likelihood of impactful API changes. However, since no direct usages exist in provided context, and it's a minor bump, breaking changes are unlikely to directly affect the code base.
Security Assessment
No security advisories or govulncheck results are present.
Recommended Action
Review specific areas: Due to the controller-runtime version jump and associated breaking changes, a reviewer should check the areas where controller-runtime is indirectly used, particularly any code using webhooks or interacting with the Kubernetes API client, as well as ensure there are no dependency conflicts arising from the change. Specifically, the team should review files associated with controller setup, webhook configuration, and event handling.
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
a70b01b to
d7dbde1
Compare
github-actions
Bot
added
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several Kubernetes dependencies, including k8s.io/api, k8s.io/client-go, k8s.io/utils, and sigs.k8s.io/controller-runtime. All are minor version bumps except for k8s.io/utils which is a digest update. The controller-runtime update includes several bug fixes, features, and dependency updates, including bumping the k8s.io/* dependencies to v1.36.
Affected Code
Since the assessment is done without access to project code, I will make a general analysis.
k8s.io/api: This provides the core Kubernetes API types. If we use any of these types, changes there might affect us.k8s.io/client-go: This is the Kubernetes client. If we use the client for interacting with a cluster, the update can impact us.k8s.io/utils: This package provides utility functions. Digest update requires no further code analysis.sigs.k8s.io/controller-runtime: This package contains the controller runtime framework. If we use it, the update can impact the definition and the behaviour of our controllers.
Breaking Change Assessment
As this is a minor version bump per semver, breaking changes are unlikely, however, the release notes for controller-runtime v0.23.0 do list breaking changes related to client side apply and webhook definitions. Additionally, the update to k8s.io/* v1.36 within the controller-runtime update could introduce breaking changes, though these are less likely in minor versions. The controller-runtime v0.24.0 release notes also mention a breaking change regarding dependency updates to k8s.io/* v1.36.
Security Assessment
No security advisories or govulncheck results are present in the provided data.
Recommended Action
Review specific areas: Due to the significant number of dependency changes, especially in controller-runtime, and the noted breaking changes related to Server-Side Apply and Webhooks in the release notes, a review of the areas where these features are used is necessary. The reviewer should specifically check the controller implementations, webhook definitions, and client interactions with the Kubernetes API, ensuring compatibility with the updated types and client behavior. Also, the warning about some dependencies not being looked up suggests a potential risk, and requires further investigation of those specific dependencies.
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
d7dbde1 to
983b229
Compare
github-actions
Bot
added
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several Kubernetes dependencies (k8s.io/api, k8s.io/apimachinery, k8s.io/utils) and sigs.k8s.io/controller-runtime. The k8s.io dependencies are updated from v0.33.4 to v0.36.1, while controller-runtime jumps from v0.19.4 to v0.24.1. Controller-runtime v0.24.0 includes breaking changes due to the update to k8s.io/ * v1.36.
Affected Code
- k8s.io/api, k8s.io/apimachinery, k8s.io/utils: No direct imports, but these are transitive dependencies of controller-runtime, so changes can still affect code.
- sigs.k8s.io/controller-runtime: Without specific file usage it's difficult to gauge the impact precisely, but the upgrade likely involves the core controller logic.
Breaking Change Assessment
The upgrade of controller-runtime to v0.24.1, which includes v0.24.0, introduces breaking changes due to updated k8s.io/* dependencies. This may impact the controller's interactions with Kubernetes resources, especially if the controllers use webhooks. Specifically, the GetEventRecorderFor function and the new events.k8s.io apiGroup requires RBAC updates. Also, there are changes to webhook implementations requiring concrete objects rather than runtime.Object.
Security Assessment
No security advisories or govulncheck results are included in the context.
Recommended Action
Needs careful review: The minor version bump to controller-runtime includes breaking changes related to Kubernetes API versions and webhook implementations. The reviewer should examine the areas affected by these changes, specifically controllers using webhooks and event recorders, to ensure compatibility and perform necessary RBAC updates.
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/go-modules-controller-runtime-and-k8s
branch
from
983b229 to
12807b1
Compare
github-actions
Bot
removed
the
risk/medium
github-actions
Bot
added
the
risk/medium
There was a problem hiding this comment.
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several k8s.io dependencies (api, apimachinery, client-go) from v0.33.4 to v0.36.1, and sigs.k8s.io/controller-runtime from v0.19.4 to v0.24.1. These are minor version bumps, but represent a significant number of changes, including bug fixes, new features, and dependency updates within those projects. The controller-runtime update includes breaking changes related to Kubernetes API versions and webhooks.
Affected Code
- No direct imports of
k8s.io/apiexist. - No direct imports of
k8s.io/apimachineryexist. - No direct imports of
k8s.io/client-goexist. - No direct imports of
k8s.io/utilsexist. - No direct imports of
sigs.k8s.io/controller-runtimeexist.
Breaking Change Assessment
The controller-runtime update includes a breaking change related to upgrading to k8s.io/* v1.36 which is being done here so the code should already be compliant. Other breaking changes include changes to the events API that should be reviewed.
Security Assessment
No security advisories or govulncheck results are present in the context.
Recommended Action
Review specific areas
This PR contains the following updates:
v0.33.4→v0.36.1v0.33.4→v0.36.1v0.33.4→v0.36.1bc988d5→ff6756fv0.19.4→v0.24.1Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
kubernetes/api (k8s.io/api)
v0.36.1Compare Source
v0.36.0Compare Source
v0.35.5Compare Source
v0.35.4Compare Source
v0.35.3Compare Source
v0.35.2Compare Source
v0.35.1Compare Source
v0.35.0Compare Source
v0.34.8Compare Source
v0.34.7Compare Source
v0.34.6Compare Source
v0.34.5Compare Source
v0.34.4Compare Source
v0.34.3Compare Source
v0.34.2Compare Source
v0.34.1Compare Source
v0.34.0Compare Source
v0.33.12Compare Source
v0.33.11Compare Source
v0.33.10Compare Source
v0.33.9Compare Source
v0.33.8Compare Source
v0.33.7Compare Source
v0.33.6Compare Source
v0.33.5Compare Source
kubernetes/apimachinery (k8s.io/apimachinery)
v0.36.1Compare Source
v0.36.0Compare Source
v0.35.5Compare Source
v0.35.4Compare Source
v0.35.3Compare Source
v0.35.2Compare Source
v0.35.1Compare Source
v0.35.0Compare Source
v0.34.8Compare Source
v0.34.7Compare Source
v0.34.6Compare Source
v0.34.5Compare Source
v0.34.4Compare Source
v0.34.3Compare Source
v0.34.2Compare Source
v0.34.1Compare Source
v0.34.0Compare Source
v0.33.12Compare Source
v0.33.11Compare Source
v0.33.10Compare Source
v0.33.9Compare Source
v0.33.8Compare Source
v0.33.7Compare Source
v0.33.6Compare Source
v0.33.5Compare Source
kubernetes/client-go (k8s.io/client-go)
v0.36.1Compare Source
v0.36.0Compare Source
v0.35.5Compare Source
v0.35.4Compare Source
v0.35.3Compare Source
v0.35.2Compare Source
v0.35.1Compare Source
v0.35.0Compare Source
v0.34.8Compare Source
v0.34.7Compare Source
v0.34.6Compare Source
v0.34.5Compare Source
v0.34.4Compare Source
v0.34.3Compare Source
v0.34.2Compare Source
v0.34.1Compare Source
v0.34.0Compare Source
v0.33.12Compare Source
v0.33.11Compare Source
v0.33.10Compare Source
v0.33.9Compare Source
v0.33.8Compare Source
v0.33.7Compare Source
v0.33.6Compare Source
v0.33.5Compare Source
kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)
v0.24.1Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1
v0.24.0Compare Source
🐛 Bug Fixes
🌱 Others
StartLoggingfor event debug logs (#3451)🌱 CI & linters
tools/setup-envtestsubmodule (#3476)📖 Additionally, there has been 1 contribution to our documentation. (#3477)
Dependencies
Added
Changed
8a7402a→944ab1f078029d→bd525daa0af3ef→8636f87200df99→8636f87f2248ac589584f→43fb72cbc988d5→b8788abRemoved
9bdfabeThanks to all our contributors! 😊
v0.23.3Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.2...v0.23.3
v0.23.2Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.1...v0.23.2
v0.23.1Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1
v0.23.0Compare Source
🔆 Highlights
GetEventRecorderForrequires updating your rbac for events to use theevents.k8s.ioapiGroup rather than the `` (core) apiGroupbuilder.WebhookManagedBy(mgr).For(&corev1.Deployment{})has to be changed tobuilder.WebhookManagedBy(mgr, &appsv1.Deployment{})runtime.Object, for example fromValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error)toValidateCreate(ctx context.Context, obj *appsv1.Deployment) (admission.Warnings, error)✨ Features
🐛 Bugfixes
waitermanipulation by @fossedihelm in #3368🌱 Other
sorttoslicespackage by @dongjiang1989 in #3370📖 Documentation
README.md's compatibility matrix forv0.22.x. by @renormalize in #3392Dependencies
Added
Changed
bda5523→078029d5ec99f8→9bdfabea0af3ef→200df9985fd79d→ec3ebc5f3f2b99→589584f4c0f3b2→bc988d5cfa47c3→2d32026Removed
New Contributors
Full Changelog: kubernetes-sigs/controller-runtime@v0.22.0...v0.23.0
Thanks to all our contributors! 😊
v0.22.5Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.22.4...v0.22.5
v0.22.4Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4
v0.22.3Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.22.2...v0.22.3
v0.22.2Compare Source
What's Changed
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.